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REMARKS 

In this application, claims 1-33 are currently pending. Claims 1-33 have been rejected 
under 35 U.S.C. § 102 as allegedly anticipated by U.S. Pat. No. 6,510,464 to Grantges et aL 
(hereinafter "Grantges"). The same claims also stand rejected under § 103 as allegedly obvious 
inviewofU.S. Patent No. 6,336, 140 to Elgressy ("Elgressy") further in view of US. Patent No. 
6,636,894 to Short et al. ("Short"). Applicants submit that the pending claims are patentable for 
the reasons set forth hereinafter, and accordingly request reconsideration and withdrawal of the 
pending rejections. 
Summary 

Although the claims and the art will be addressed in detail below, a brief summary may 
help the reader more fully understand this response. With respect to Grantges, the assertion that 
this reference teaches each and every element of each and every claim is not accurate. In fact, 
the reference does not even teach each element of the broadest claims, let alone the remaining 
claims. As the Examiner has previously discussed with Applicants' representative, each claim 
recites using network address translation (rewriting of destination addresses) to redirect an 
access attempt to an access controlling server. However, Grantges teaches neither rewriting 
addresses nor redirecting packets. Thus, the assertion that this reference anticipates any 
particular claim appears to be erroneous. 

With respect to the combination of Elgressy and Short, this combination similarly does 
not meet the statutory, technical, or logical requirements for such a rejection. Firstly, the stated 
motivation for making the combination is technically and logically unsound. Secondly, even 
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were one to nonetheless make the asserted combination, the claim elements are still not met, 
since, for example, neither reference pertains at all to the redirection of packets. 
The 5 102 Rejections 

As noted above, all pending claims (1-33) stand rejected as anticipated by Grantges. For 
convenience, claim 1 is presented below in chart form, with each element placed next to the 



allegedly matching teaching from Grantges. 



Claim 1 


Grantees 


, A method of controlling at a gateway computing 
device access of a client machine to a desired resource 
hosted on a destination server, the desired resource 
being of at least one material type selected from the 
group including audible materials, readable materials, 
and viewable materials, comprising the steps of: 


(preamble) 


(a) at the gateway computing device 
receiving handshaking packets from the client 
machine having as a destination address the 
destination server; 


Col. 6, lines 37-67. 
(However, as will be discussed 
below, the client machine in 
Grantges doesn 7 even know the 
address of the destination server, 
so how could it ever send the 
recited packets?) 


(b) redirecting network communications 
at the gateway computing device, including the 
steps of: 


(Element Preamble) 


redirecting the handshaking 
packets by rewriting the destination 
address in the handshaking packets' IP 
headers to route the packets to an access 
controlling web server that is remote from 
the client, the gateway, and the 
destination server; 


Same cited section. 
(However, again to be discussed 
below, no packet is ever redirected 
at all in Grantges, let alone in this 
specific manner,) 
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receiving a content request packet 
from the client machine at the gateway 
destined for the destination server 
intended to retrieve the desired resource 
from the destination server; and 


Column 7, lines 1-8. 
(However, this section merely 
describes a gateway proxy server, 
and has no bearing on any request 
packet, its destination address, or 
intended purpose.) 


at the gateway redirecting the 
content request packet by rewriting the 
destination address in the packet IP 
header to route the packet to the access 
controlling web server; 


The Office action cites Grantges* 
gateway proxy server and 
webserver of Figure U noting that 
"it was obvious the proxy means 
redirect the IP address of header to 
route the packet to the access 
control server or authorization 
server" 

(Actually, not only is the Office's 
unsupported supplementation of 
the reference not obvious, its also 
highly unlikely that Grantges 
would even work in this fashion.) 


(c) receiving a response at the gateway from the access 
controlling web server; and 


The action simply cites all of 
Figure 1. If there is something 
specific in Figure 1 that was meant 
to be clearly cited, such was 
anoarentlv overlooked 


(d) at the gateway, controlling access of the client 
machine to the desired resource based on the response 
from the access controlling web server, including 
refusing the client machine access to the desired 
resource if the response from the access controlling web 
server indicates that the client should not have access to 
the desired resource and granting the client machine 
access to the desired resource if the response from the 
access controlling web server indicates that the client 
should have access to the desired resource. 


Action cites Grantges 1 gateway 
and authorization server. 
(Of course, a citation of structure 
to anticipate method steps is 
irrelevant unless there is also a 
cited teaching that the cited 
Structures perform exactly the 
claimed function; the action made 
no attempt to identify the required 
teachings.) 



Having summarized the Office's position and Applicants' traversal thereof, several 
primary elements will now be addressed in greater detail. 
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...at the gateway computing device receiving handshaking packets from the 
client machine having as a destination address the destination server... 

Initially, it should be noted that although this element has been amended for clarity, the prior 
version ("intended to begin a session with" in Heu of "having as a destination address") is 
also not taught by the prior art, and thus although these comments will of course use the 
present wording, the comments would pertain equally to the prior version. 

Focusing on this limitation, the limitation specifically recites that a packet is destined 
for, i.e. addressed to, the destination server. As noted above, the Office has cited column 6, 
lines 37-67 as teaching this element Even taking this section in isolation, it states that "[the 
authors] emphasize that the . . .digital certificate being presented to gateway proxy server 40 
belongs to DMZ proxy server 34, not the user 18 of client computer 22." This indicates that 
the simple redirection envisioned by the Office is not in fact what is occurring. To leave no 
doubt, consider that the reference itself states at col. 8, lines 24-28: "It bears emphasizing 
that user 18/client computer 22 only knows the Uniform Resource Locator (URL) of DMZ 
proxy server, not of the gateway proxy server or destination servers " In other words, the 
client computer of Grantges doesn't even know the address of Grantges' destination servers! 
Clearly, then, the handshaking packets of Grantges are neither destined for nor addressed to 
the destination servers. 

Moving on, a subsequent limitation of claim 1 requires: 

redirecting the handshaking packets by rewriting the destination 
address in the handshaking packets' IP headers to route the packets to an 
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access controlling web server that is remote from the client, the gateway, 
an d the destination server. . . 

So assuming that the handshaking packets were initially addressed to the destination servers 

(and as noted above, this is not actually possible), does Grantges teach subsequently 

redirecting these, or any, packets by rewriting the address in the packet header? 

The Office says yes, and cites to the same section as for the prior element. However, 
looking again at this section,, there is no teaching of packet or other redirection, let alone in 
the specific manner recited by the claim. Instead, the cited section simply discusses 
communications between proxy servers across a firewall In fact, the section specifically 
says that it describes an "information forwarding step," (line 58) which isn't even Vpacket" 
forwarding, let alone packet redirecting, If the Office continues to assert that "information" 
forwarding is somehow equivalent to "packet" redirecting, it is respectfully requested that a 
clear reason, and if possible a reference, be provided. 

Alternatively, perhaps the Office intended to cite to the communications between 
Grantges web/proxy servers and the authorization server. (See later assertion that "it was 
obvious the proxy means redirect the EP address of header to route the packet to the access 
control server or authorization server.") Addressing this assertion with respect to both elements 
that recite packet redirection by rewriting addresses in packet headers, the action's assertion is 
actually the only "teaching" of record that Grantges could/would/does work this way. 

Thus, there is a question that really should be focused upon with clarity: Does the proxy 
server (or web server) of Grantges actually talk to the authorization server via client packet 
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redirection rather than the normal query/response communications? Every indication in 
Grantges points to the reality that the proxy server (or web server) sends its own packets to the. 
authorization server for its own purposes — it does not redirect a client packet to the 
authorization server. 

Not only does Grantges fail to actually say anywhere that it uses packet redirection, but 
the actual text of Grantges specifically refiites the assertioa See, for example, column 7, lines 
34-44: *\ . , gateway proxy server 40 and authorization 46 conduct messaging between each other 
in accordance with a so-called Lightweight Directory Access Protocol (LDAP)." Since there's 
no indication (and no real likelihood) that Grantges' client sent an LDAP-compliant packet in 
the first place, the mechanism of communications between Grantges* proxy/web server and 
authorization servo- is clearly something other than packet forwarding (i.e., its normal LDAP 
communication). 1 There are additional indications in the reference that similarly make clear to 
those of ordinary skill in the art that there is no packet redirection occurring. However, it is not 
felt to be necessary to belabor the point further at this time. 

Although the remaining claim elements need not be addressed in further detail at this 
time since their antecedent recitations are not taught in the cited art, applicants would like to 
point out the arguments set forth in chart form above. 



1 Since the Office's assertion of obviousness with respect to packet redirection is given without any accompanying 
support or even reasoning, it is taken as official notice. As such, it is respectfully traversed, and a specific citation to 
supporting authority is respectfully requested. 
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In summary, it is respectfully submitted that claim 1 is not anticipated by Grantges since 
the reference simply foils to teach many of the claimed elements. Accordingly, it is respectfully 
requested that claim 1 be favorably reconsidered, and that the rejection thereof be withdrawn. 

With respect to independent claims 1 7 and 33, these claims are said to be rejected for the 
same reasons as claim L Accordingly, the remarks above with respect to claim 1 are also 
relevant to claims 17 and 33. Claims 17 and 33 are patentable for the same reasons set forth 
with respect to claim 1. Accordingly, it is respectfully requested that claims 17 and 33 be 
favorably reconsidered, and that the rejections thereof be withdrawn. 

With respect to the claims that depend from either of claims 1 and 17, it is respectfully 
submitted that such dependent claims are patentable for the same reasons as the respective 
parent claim. Moreover, each such claim recites additional limitations that are not taught by 
Grantges. Although it is not necessary to itemize the reasoning related to the dependent claims, 
these claims will nonetheless be briefly discussed herein to preserve all issues for appeal. 

With respect to claims 2 and 18, although the action alleges that a "connection" is 
established between the client machine and destination server of Grantges based on specific 
criteria, there is no citation to any function, only structure, with no indication that the cited 
structure performs the recited limitations. 

With respect to claims 3 and 19, although the action alleges that a particular packet 
comprises a GETURL packet, and goes so far as to cite more than 30 lines of Grantges for this 
short proposition, there seems to be no corresponding teaching in any of the cited lines. 
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With respect to claims 4 and 20, the action asserts that the recited additional feature is 
inherent in the reference. Applicants traverse the allegation. Inherency requires that although 
a teaching may not be specifically set forth, it is nonetheless doubtlessly taught by the reference. 
If that is the case here, some sort of supporting reasoning and citation is certainly appropriate 
and is respectfully requested. 

With respect to claims 5 and 21, the recited additional limitation is again said to be 
inherent. Applicants traverse the allegation and some sort of supporting reasoning and citation 
are again respectfully requested. 

With respect to claims 6, 13, 22, and 29, the action states that the additional recited 
feature is taught in Grantges at col. 12, lines 36-45. The additional feature of, for example, 
claim 6, is that: . .the step of establishing a connection between the client machine and the 
destination server comprises: resending the handshaking packets and GET URL packet to the 
destination server transparently with respect to the client machine. , However, applicants 
have diligently scoured the cited 9 lines of Grantges and found no reference to resending, no 
reference to client transparency - in short, no reference to any significant part of the recited 
limitation. Instead, the section describes a step that (1) is not a resending of any packet but is 
instead an initial sending of restructured information (line 39), and (2) is not transparent 
with respect to the client machine but rather is based on explicit user selection (line 42). 

With respect to claims 8, IS, 24, and 31, the additional recited limitation, offer 
example, claim 8 is: "...determining whether to redirect network communications based on 
the content of a handshaking packet..." The action alleges without any support or reasoning 
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that this limitation is inherent in Grantges. Applicants traverse the allegation, and some sort 
of reasoning or other showing regarding the alleged inherency is respectfully requested. 

With respect to claims 9-12 7 1 6, 25-28 and 32, the action again broadly asserts 
inherency with no support, Applicants traverse, and citation to appropriate support or 
reasoning is requested 

With respect to claims 7, 14, 23, and 30, the action appears to admit that the cited 
teachings do not actually teach the recited limitation: " . . .Grantges discloses the 
invention... except embedding an identity token,.. uniquely identify [ying] the client machine" 
Applicants agree, especially since it is unclear what information is contained in Grantges* 
"user identification cookie" about the machine being used by the user. 

For the above reasons, it is respectfully requested that the rejections of claims 1-33 
under § 102 be reconsidered and withdrawn. 
The 5,103 Rejections, 

As noted above, claims 1-33 stand rejected under § 103 as allegedly obvious in view of 
Elgressy further in view of Short. Briefly, applicants traverse these rejections as inconsistent 
with the legal requirements for such rejections. In particular, the cited references do not teach 
the claimed invention even when combined, and furthermore, there is no teaching to combine 
the references in the cited manner, nor any expectation of success in so doing. 

According to the Office action, Elgressy teaches a method of using a gateway to control 
access of a client machine to a desired resource based on a response from an access controlling 
web server. Office action at page 7. On the other hand, according to the Office action, Short 
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teaches using an authorization server (within a gateway) to redirect a user request based on the 
user's access right to a destination network. Thus, according to the Office action, it would 
have been obvious to "incorporate the technique of redirection the client request , . . as taught 
by Short, . .to utilize the gateway on network." 2 

This reasoning, both as to premise and result, is not logical or self-consistent. For 
example, if Elgressy already teaches use of a gateway to control client access to a resource in 
conjunction with an access controlling web server, then why would one of any skill whatsoever 
want to add in the teachings of Short so as "to utilize the gateway on network." Essentially, 
the Office alleges that Elgressy uses a gateway in the asserted manner (i.e. on a network), and 
that Short also uses a gateway, but that the references should nonetheless be combined so that 
we can gain the benefits that Elgressy already allegedly supplied prior to the combination (use 
of gateway on network.) 

As another example, consider that the action tells us that Elgressy fails to teach 
"redirecting the handshaking packets ... to an access controlling web server." And yet the 
action says the reference nonetheless does teach "receiving a response at the gateway from 
the access controlling web server." 

Accordingly, it is respectfully submitted that the stated motivation to combine the 
references in the asserted manner is not an actual or realistic motivation at all. Not only is it 



2 Applicants traverse these assertions of the references teachings. However, in the interest of brevity and economy 
applicants will not comment further on the discrepancies since they are plain when the references are read and since 
the other necessary showings for a prima facie case of obviousness have yet to be met as discussed herein. 
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technically unsound, it is logically unsound As such, the stated motivation cannot form the 
basis of a legally proper prima facie case of obviousness. 

Moreover, neither recited reference supplies the missing elements of redirecting packets 
in the recited manner. The action admits that Elgressy clearly lacks such a teaching, and 
although the action alleges that Short fills the gap, this is not at all accurate. Each and every 
section of Short cited by the Office action actually pertains to "redirecting users," not 
redirecting packets, and says nothing about rewriting packet destination addresses. 

For at least the foregoing reasons, it is respectfully requested that the rejections of claims 
1-33 under § 103 be favorably reconsidered and withdrawn. 3 

Moreover, as noted, applicants traverse the rejection of each dependent claim on the 
basis that not only are the required limitations, motivation and expectation of success absent as 
noted above, but moreover each other claim recites additional limitation not found in the art. 
For example, with respect to claims 2 S 4, 5, 8-12, 15, 16, 18, 20, 21, 24- 28, 31 and32, the 
action states that the additional recited limitation is inherent. Applicants traverse this assertion 
and request that the alleged inherency be shown by more than a simple assertion of alleged fact. 
With respect to claims 6, 13, 22, and 29, the cited section of Elgressy does not contain the 
alleged teaching, since there is no indication that any packet is initially redirected and then 
resent to the original intended destination. With respect to claims 7, 14, 23, and 30, the action 
again appears to admit that the cited teachings do not actually teach the recited limitation: 

' The remaining independent claims 1 7 and 33 are rejected on the same basis and are asserted by Applicants to be 
patentable for the same reasons as claim 1. 
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, .Elgressy-Short disclose the invention... except embedding an identity token., .uniquely 
identifying] the client machine." Applicants again agree, especially since it is again 
unclear what the identity token would be in the cited combination* 

In summary, applicants submit that the rejections of claims 1-33 under § 103 are 
improper, and request that these rejections be favorably reconsidered and withdrawn. 
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Conclusion 



The application is considered to be in good and proper form for allowance, and the 
Examiner is respectfully requested to pass this application to issue. 

If, in the opinion of the Examiner, a further telephone conference would expedite the 
prosecution of the subject application, the Examiner is invited to call applicants' undersigned 
representative. 




One of the Attorneys for Applicants 
LEYDIG, VOIT & MAYER, LTD. 
Two Prudential Plaza, Suite 4900 
180 North Stetson 
Chicago, Illinois 60601-6780 
(312) 616-5600 (telephone) 
(312) 616-5700 (facsimile) 



Date: March 17, 2004 
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THE PATENT AND TRADEMARK OFFICE IS RESPECTFULLY REQUESTED TO PU£E ITS STAMP OH THIS POSTAL 
CAM* AM> PLACE {TIN THE OUTGOING MAIL TO SHOW THE FOLLOWING PAPERS HAVE BEEN RECEIVED. 



KAS 



MAILING DATE; March 17. 2004 
Application Off: Umb ftt&l. 
3E PATENT APPLICATION NO. 0*489 629 



DOCKET NO.. 201365 
CLIENT Mteroon 
pMPtemm 

Ti^KETV'^^KA^^SS CONTROL U SNG NETWORK ADDRESS TRANSLATION 
DijDatri: March IT, 2004 
ENCLOSURES: - 

MAR 2 9 2004 




PAGE 25/25 * RCVD AT 7/23/2004 9:23:47 AM [Eastern Daylight Time] * 8VR:USPT0-EFXRF-2I2 * DNIS:7465489 * CSID:312 616 5700 * DURATION (mm-ss):06-14 



